Two minutes. The full analysis follows in Sections 1 through 12.

This report examines the structural harvest-now-decrypt-later (HNDL) risk facing FIFA's global data infrastructure. It is not an allegation of a specific breach or a specific intelligence operation. It is an analysis of whether the data FIFA collects, the encryption protecting it, and the routes it travels create a risk profile that warrants differentiated attention relative to other organizations facing the same general quantum cryptanalysis threat.

Four characteristics distinguish FIFA's data environment from most other organizations. First, mandatory cardiac and medical data collection with no opt-out, compulsory for all FIFA competitions since 2010. Second, concentration of identity and registration data from 211 member associations through FIFA Connect, with medical and PCMA data moving cross-border through documented workflows rather than a publicly documented central clinical repository. Third, the unpredictable future political significance of the data subjects, with documented cases of professional footballers later entering national political office, including one head-of-state case. Fourth, routine cross-border data transit as a standard operational requirement, across fiber-optic infrastructure publicly documented as subject to bulk signals-intelligence collection.

To our knowledge, no major football governing body has publicly announced a post-quantum cryptography migration program. NIST published the post-quantum standards (FIPS 203, 204, 205) in August 2024. The algorithms exist. Whether or not such a plan exists internally, the risk is material: lifetime-sensitive data, vulnerable public-key cryptography, and no way to remediate after the fact. That is the central finding of this report.

Two research preprints published in March 2026 argue that the resource requirements for breaking elliptic-curve cryptography may be substantially lower than previously estimated. Multiple independent programs now describe plausible engineering paths to a cryptographically relevant quantum computer. The precise cost and timeline remain uncertain and are analyzed under three scenarios in Section 6. The thesis of this report does not depend on a specific cost figure or arrival date. It depends on whether such a machine becomes available within the decades-long confidentiality window of cardiac, medical, and identity data. Appendix G demonstrates that the thesis holds under timeline delays extending to 2060 and beyond.

The confidentiality horizon of cardiac ECG data, medical history, genetic predisposition markers, and passport-level identity data is measured in decades, not years. If any portion has been passively collected in transit and stored for future decryption, the exposure cannot be remediated after the fact. The report's recommended actions, beginning with a cryptographic inventory, are set out in Section 10.

Source-based visualizations of the report's core findings. Figures are qualitative and illustrative of the analysis in Sections 6, 9, and 10. They are not predictions and not numerical scores.

This report distinguishes three categories of evidence throughout. Every claim is assigned to one of these categories, and the category is either stated explicitly or inferable from context. This discipline is intentional.

C1  Category 1 · Documented Facts

Claims sourced to peer-reviewed literature, official FIFA documentation, government publications, or primary reporting by established news organizations. Examples: FIFA's mandatory PCMA program (British Journal of Sports Medicine; PMC3596861, PMC4413678, PMC12171438); FIFA Connect (inside.fifa.com); Snowden disclosures (The Guardian, The Washington Post); NIST FIPS 203/204/205 (csrc.nist.gov); the public roles of Weah, Romário, and Shevchenko (Britannica, official government records).

C2  Category 2 · Reasonable Inferences

Claims based on the absence of contrary public evidence or standard industry practice. Examples: that encryption protecting FIFA data in transit uses classical public-key cryptography, and that no major football governing body has publicly announced PQC adoption. See Appendix B for the supporting search methodology.

C3  Category 3 · Structural Risk Analysis

Claims about what could happen given documented infrastructure, known SIGINT capabilities, and the quantum computing trajectory. The HNDL threat model is described by NIST, the Federal Reserve (September 2025), and multiple national cyber authorities. Application of this model to FIFA's specific data environment is the Qtonic Quantum Research Team's analysis. Where a claim falls in Category 2 or 3, bounded language is used: "to our knowledge," "no public evidence can rule out," "may become vulnerable under plausible assumptions."

2.1 Limitations of This Report

• No access to internal FIFA systems. We have not inspected FIFA's encryption configuration, network architecture, or internal security policies. All statements about likely encryption posture are inferred from standard industry practice and the absence of public PQC announcements.
• No access to classified intelligence. We cannot confirm or deny whether any specific HNDL operation is targeting football data. The threat model is structural, not operational.
• Search methodology constraints. The "no public plan" claim is bounded by the methodology in Appendix B. Internal assessments, vendor-initiated upgrades, and unpublished pilots would not be detected.
• Cost-model uncertainty. The Shor-machine cost estimates in Section 6 are the Research Team's analysis based on published component pricing and analogous systems. They are not engineering quotes and are illustrative only.
• Preprint status of key research. The March 2026 Google Research and Oratomic / Caltech / Berkeley papers are preprints that had not completed peer review as of publication. Resource estimates may be revised upward or downward, and they are theoretical estimates rather than demonstrated hardware.

These limitations are inherent to the subject matter. They do not invalidate the thesis. They define its boundaries.

FIFA operates one of the largest centralized sports-data infrastructures in the world. It spans 211 member associations across six confederations and serves as the authoritative system for player registration, international transfers, competition management, and medical compliance.

3.1 The Pre-Competition Medical Assessment C1

Following the death of Marc-Vivien Foé during the FIFA Confederations Cup in 2003, FIFA developed a standardized pre-competition medical assessment (PCMA) program. It was first implemented at the 2006 FIFA World Cup in Germany, introduced to women's and youth competitions in 2007 and 2010, and made compulsory for all FIFA competitions by the FIFA Executive Committee. The protocol includes a personal and family medical history questionnaire, a focused physical examination, a 12-lead resting electrocardiogram (ECG), and, when clinically indicated, transthoracic echocardiography, laboratory blood analysis, and exercise stress testing. Non-adherence is a sanctionable offence.

A 2024 global survey of 165 of 211 FIFA member associations found that 81% recommended or mandated cardiac screening. Among those, 92% used a protocol including at least medical history, physical examination, and 12-lead ECG for adult male players.

SRC: Junge et al., BJSM 2012 (PMC3596861) · Dvorak et al., BJSM 2015 (PMC4413678) · FIFA consensus statement, BJSM 2025 (PMC12171438)

3.2 FIFA Connect & the Global Registration System C1

FIFA Connect assigns a unique global FIFA ID to every registered player, coach, referee, and official, processing identity documentation across all 211 member associations. Integration was mandated by FIFA Circulars 1654 (Nov 2018) and 1679 (Jul 2019), with a July 2020 deadline. The platform includes the FIFA Connect ID Service, the Data eXchange Platform (DXP), and interfaces with the Transfer Matching System (TMS). When a player transfers internationally, TMS generates an Electronic Player Passport (EPP) compiling registration history from age 12. Medical disclosures are part of the transfer process.

SRC: inside.fifa.com/transfer-system/clearing-house · inside.fifa.com/advancing-football/fifa-connect · support.fifaconnect.org

3.3 Data Types Collected

CRITICAL CHARACTERISTIC: much of this data, especially cardiac, medical-history, registration-history, and biometric elements where present, cannot be meaningfully rotated, reissued, or expired. A cardiac ECG from 2024 remains valid and sensitive in 2040, 2060, and beyond.

3.4 Cross-Border Data Transit Patterns

Transfer medical disclosures move between clubs in different countries. Tournament PCMA results flow from host-nation facilities to FIFA (Zurich) and confederation offices in Cairo, Kuala Lumpur, Miami, Luque, Auckland, and Nyon. Registration data is exchanged continuously across 211 member associations through FIFA Connect. Each flow crosses at least one national border, many crossing multiple borders through undersea fiber-optic infrastructure.

The HNDL threat applies to every organization using quantum-vulnerable cryptography. This section addresses whether FIFA's specific data environment warrants differentiated attention. The answer is yes. Not because any single factor is unique, but because of the combination.

4.1 Mandatory Collection, No Opt-Out

Players cannot refuse mandatory cardiac and medical assessment for covered competitions, and FIFA Connect processes identity-related records across the global registration environment. Where biometric elements are present, the irreversibility risk becomes more severe. The PCMA has been compulsory for all FIFA competitions since 2010, with non-adherence a sanctionable offence. Few health systems present the same combination of mandatory collection, global federation, athlete identity, and cross-border governance, and we are not aware of one that mandates cardiac screening across 211 countries with no right of refusal.

4.2 Unmatched Concentration Across Jurisdictions

FIFA Connect concentrates identity and registration data, including any biometric elements present, on players from virtually every nation. Medical and PCMA data move cross-border through documented workflows over the same monitored routes; public sources do not establish a single central clinical repository. The centralized design of FIFA Connect means interception at key transit hubs, particularly those serving FIFA headquarters in Zurich or major confederation offices, could expose identity and registration data from a disproportionately large number of member associations at once. That concentration ratio is difficult to match outside national passport systems.

4.3 Unpredictable Future Political Value

Footballers are collected as athletes. Some later become presidents, senators, and wartime political leaders (see Section 7). FIFA is one of the only organizations that compels lifetime-sensitive data collection from a large population whose future political significance is unknowable at the time of collection.

4.4 Routine Cross-Border Transit

FIFA's data crosses borders as standard operations, not as the exception. Those transit routes cross fiber-optic infrastructure publicly documented as subject to bulk signals-intelligence collection. The attack surface is the entire set of international data routes the sport requires to function, with no path to avoid it without ceasing operations.

4.5 Comparison to Other Sectors

4.6 Comparable Organizations

International Olympic Committee. The IOC requires medical examinations but operates on a quadrennial cycle with roughly 10,500 athletes per event. It does not maintain a year-round centralized registration system comparable to FIFA Connect across 211 federations. The episodic nature of collection substantially reduces the attack surface relative to FIFA's continuous flows.

World Anti-Doping Agency. WADA's ADAMS system tracks athlete whereabouts and biological-passport data globally and is the closest analogue in reach. But its data is primarily biochemical rather than cardiac or identity-biometric, and sensitivity horizons are typically career-length, not lifetime.

National passport systems. The closest analogue in biometric sensitivity and mandatory participation. But they are operated by a single sovereign with dedicated security infrastructure and legal frameworks. FIFA operates a comparable footprint without sovereign-grade security, across 211 jurisdictions of widely varying cybersecurity maturity. The least-protected member association sets the ceiling for the whole network.

HNDL requires three conditions to be simultaneously true. First, the ability to passively collect encrypted traffic in transit. Second, the ability to store that traffic indefinitely at low cost. Third, a reasonable expectation that the encryption will become breakable within the useful lifetime of the data. For lifetime-sensitive data, even a distant quantum timeline creates present-day exposure. The harvest happens now. The decryption happens later. The victim never knows.

5.1 How Easy Is the Harvest C1

As much as 99% of intercontinental internet traffic travels through undersea fiber-optic cables. At landing points and amplification stations (roughly every 80 km for undersea cables), data can be copied without interrupting flow. Documents disclosed by Edward Snowden in 2013 revealed GCHQ's Tempora program collected approximately 21 million gigabytes per day from fiber-optic cables. INCENSER pulled approximately 14 billion pieces of internet data per month from a single submarine cable. Equipment for fiber-optic interception is commercially available at relatively low cost.

5.2 Documented Bulk Collection Programs C1

SRC: The Guardian (Tempora, Jun 2013) · Channel 4 News / Süddeutsche Zeitung (INCENSER, Nov 2014) · Privacy International · AP (USS Jimmy Carter, 2005) · Wilson Center (Optical Core Infrastructure, Feb 2024)

5.3 Technical Analysis: Encryption in Transit C2

FIFA has not publicly disclosed its encryption configuration. Based on standard industry practice, web-based data exchanges are likely protected by TLS 1.2 or 1.3 with classical key exchange (ECDHE-RSA or X25519). Both are quantum-vulnerable. TLS 1.3 provides forward secrecy against classical key compromise but does not protect against quantum cryptanalysis of a recorded session. HNDL captures the entire session including the ephemeral key exchange, which becomes breakable under Shor's algorithm. Hybrid post-quantum key agreement is already deployed or tested in major production environments, including Chrome and Cloudflare. Signal has separately deployed post-quantum protections in its messaging protocol. The technology to protect data flows of this kind exists today. To our knowledge, and within the sources reviewed, no football governing body has publicly announced deploying it.

5.4 Historical Precedents

East German Stasi files. Medical and personal data collected over four decades was weaponized for coercion after reunification. Data collected under one arrangement can be weaponized under a different one.  OPM breach (2015). Security-clearance files of 21.5 million people, including decades-old medical information, were exposed. Centralized identity data retains intelligence value indefinitely.  Equifax breach (2017). PII of 147 million individuals exposed. Unlike passwords, SSNs and biometrics cannot be rotated. The exposure is permanent.

ROLE IN THESIS: the central argument does not depend on a specific quantum timeline or machine cost. It depends on whether a cryptographically relevant quantum computer becomes available within the decades-long sensitivity horizon of the data FIFA collects. Cost estimates below are illustrative, not load-bearing.

6.1 Resource Estimates by Problem Class

The two March 2026 preprints report physical-qubit figures that appear to conflict: the Google Research team estimates fewer than 500,000 physical qubits for ECC-256, while Cain et al. estimate roughly 26,000 for the same elliptic-curve problem (their headline figure, as few as 10,000 reconfigurable atomic qubits, applies to factoring). The gap is not an error in either paper. It reflects different error-correction assumptions: conservative overhead ratios in the Google work, high-performing qLDPC codes on reconfigurable neutral-atom hardware in Cain et al. Both agree on the direction: requirements are substantially lower than prior estimates. This report treats both as lower-bound illustrations of a compressing requirement, not engineering specifications. The structural thesis rests on the peer-reviewed 2019 baseline and the data's sensitivity horizon (Appendix G), not on either preprint.

PHYSICAL VS LOGICAL: the counts above are physical qubits. For ECC-256 the logical-qubit requirement is on the order of 1,200–1,450; the remainder is fault-tolerance overhead. Scott Aaronson, a noted skeptic of quantum-computing hype, called the Cain et al. result the more substantive of the two papers while cautioning that neither demonstrates a new experimental capability. This report adopts that caution: these are theoretical estimates, not demonstrated hardware.

6.2 Illustrative Cost Scenarios C3

ORDER-OF-MAGNITUDE ONLY. Derived from preprint inputs not yet peer-reviewed. Not engineering quotes. The thesis holds whether the machine costs $20M or $200M, provided it arrives within the data's sensitivity horizon.

6.3 Engineering Gaps & Falsifiability

• Gate fidelity. Current best ~99.7%; target 99.9%+. Failure pushes cost toward $40–60M+.
• qLDPC at scale. 10:1 ratio is theoretical. At 30:1 the machine needs ~78,000 qubits (~3× cost).
• Classical control. Tens of thousands of qubits, microsecond precision, ~10 days continuous operation. An unprecedented engineering challenge.

This thesis would be significantly weakened if any of the following were demonstrated. First, a publicly announced and documented PQC migration program at FIFA or a major confederation, already underway with verifiable deployment evidence. Second, FIFA transit architecture using end-to-end post-quantum encryption or avoiding monitored fiber entirely. Third, PCMA data remaining entirely within host-country systems, never transmitted cross-border. Fourth, a quantum cryptanalysis timeline extending beyond 2045, shrinking the overlap with the data's sensitivity horizon to a negligible range. Each condition is specific, verifiable, and testable. We are not aware of evidence supporting any of them as of April 2026.

6.4 Timeline Resilience

The critical question is not when a quantum computer will be built. It is whether one will be built within the sensitivity horizon of the data. A player screened at age 22 in 2024 will be 58 in 2060.

Full resilience analysis in Appendix G. Under every scenario examined, including a 36-year delay, the data remains sensitive at the time of potential decryption.

6.5 Independent Expert Consensus C1

The report's thesis does not rest on the company's own view of the timeline. The Global Risk Institute, with evolutionQ, has surveyed quantum-computing experts annually since 2019. Its seventh edition (dated 9 March 2026, authored by Michele Mosca and Marco Piani, 26 respondents) reports that a cryptographically relevant quantum computer is considered quite possible within ten years and likely within fifteen, the highest ten-year estimate in the survey's history. At the twenty-year mark, a large majority of respondents place the probability at fifty percent or higher. That survey frames the decision through the Mosca Inequality: if the sensitivity life of the data plus the migration time exceeds the time to a quantum threat, the data is already at risk. For cardiac, genetic, and identity records with lifetime sensitivity, that inequality is satisfied under essentially every published estimate.

Intelligence services have operational incentives to collect broadly and sort later. No analyst in 2006 could predict which players being screened at a FIFA World Cup would hold national office by 2018. The documented pattern of footballers entering political life, including at head-of-state level, establishes that FIFA's data subjects carry an unpredictable future political significance that compounds the HNDL risk in ways that are unusual relative to most hospital or corporate data environments.

7.1 Footballers Who Entered National Political Office C1

George Weah · Liberia. Professional career 1985–2003 at top European clubs. FIFA World Player of the Year 1995. Elected 25th President of Liberia in 2017. Served 2018–2024.

Romário · Brazil. Professional career 1985–2007. 1994 World Cup Golden Ball. Elected to the Brazilian Chamber of Deputies in 2010. Elevated to the Federal Senate in 2014, where he currently serves.

SRC: Britannica · official Liberian government biography (emansion.gov.lr) · FIFA.com official profiles · Brazilian Federal Senate public records

7.2 Athletes Who Entered Politics, Public Office, or National Sports Governance

7.3 The Coercion Risk Model C3

The coercion risk is structural, not an allegation about any named individual. Data treated as routine health information at collection can become leverage against someone later operating in public life. No intelligence service can predict which current player will matter politically in 2045.

FIFA Connect processes passport-level identity documentation across 211 member associations. Depending on the specific biometric data elements present in a registration record, a decrypted passport-level identity record from FIFA Connect, including any biometric elements present in that record, would, structurally, present exploitation vectors similar to identity documents obtained from government databases.

A state or non-state actor with access to decrypted FIFA Connect records would, structurally, possess a database of passport-grade identity records spanning 211 nations: a resource with intelligence, criminal, and geopolitical applications well beyond the domain of sport. The permanence of biometric data makes this the highest-irreversibility risk in the entire threat model. This section analyzes the structural properties of the data, not alleged events.

9.1 Absence of Public PQC Announcements C2

To our knowledge, as of 11 June 2026 and within the search scope described in Appendix B (refreshed on the publication date), no major football governing body has publicly announced a post-quantum cryptography migration program. This includes FIFA, all six confederations (AFC, CAF, CONCACAF, CONMEBOL, OFC, UEFA), and major domestic leagues. The absence is consistent across all tiers of the global football governance structure.

9.2 NIST Deprecation Timeline C1

• Aug 2024 · NIST publishes FIPS 203/204/205 (ML-KEM, ML-DSA, SLH-DSA).
• Jan 2027 · CNSA 2.0 requires PQC-compliant acquisitions for new national security systems.
• 2029 · Google's internal PQC migration deadline. Signals enterprise-grade feasibility within this window.
• 2030 · NIST IR 8547 (initial public draft) targets deprecation of RSA/ECDSA across US federal infrastructure.
• 2035 · NIST full disallowance of RSA/ECDSA in new implementations, per the same draft.

9.3 Migration Progress by Sector

9.4 Migration Complexity for Federated Governance

• Heterogeneous IT. 211 member associations of vastly different cybersecurity maturity. A compromise at any single node creates exposure across the whole network. The system is only as protected as its least-protected member.
• Vendor dependency. Many associations use third-party systems. FIFA cannot directly control their encryption stack or mandate upgrades unilaterally.
• Certificate management at scale. Migrating TLS certs, API keys, and VPN configurations across 211 nations requires extensive multi-jurisdictional coordination.

Timeline estimate. 3–5 years from committed decision to full deployment across all member associations. If started in 2026, completion lands 2029–2031, aligned with the NIST draft deprecation window. Deferred to 2028, completion lands 2031–2033, overlapping the quantum timeline under base and optimistic scenarios. Every year of delay narrows the safe migration window.

9.5 Data Protection & Regulatory Exposure

GDPR. EU player data is subject to Article 32 (appropriate technical measures), Article 9 (special categories including health data), and Article 25 (data protection by design). Known cryptographic deprecation may trigger a duty to assess quantum risk.  Swiss nFADP (2023). Requires appropriate technical measures for sensitive personal data; FIFA is directly subject.  Player data rights. Rights to information (Art. 13/14), access (Art. 15), and erasure (Art. 17). The compulsory, no-opt-out nature of the PCMA substantially increases regulatory sensitivity.

A post-quantum migration is a multi-year engineering and governance initiative, not a software patch. For an organization with FIFA's jurisdictional complexity, it requires sustained executive commitment, dedicated resources, and a structured framework. The technology exists today. What is required is the decision to begin.

1. Cryptographic InventoryMap where cardiac, medical, and identity data is stored, how it is encrypted at rest and in transit, which algorithms are in use (RSA, ECDH, ECDSA, TLS versions), and which systems are migration-agile. This Cryptographic Bill of Materials (CBOM) is the prerequisite for everything that follows. Without it, migration cannot be scoped or sequenced.
2. Network VisibilityCryptographic posture cannot be assessed at headquarters alone. Visibility into the posture of 211 member associations, six confederations, and major club systems is essential, because a compromise at any node can expose linked records or flows, depending on segmentation and access controls. The US federal CBOM program offers a working template for large distributed organizations.
3. Migration TimelineNIST standards are finalized. Enterprise PQC migration requires 2–5 years. Begun in 2026, completion aligns with the draft 2030 NIST deprecation target. Deferred to 2028+, the window narrows and may overlap the quantum timeline under optimistic and base-case scenarios. The 2026 FIFA World Cup is a near-term forcing function for concentration of cross-border medical data.
4. Risk Quantification FrameworkHNDL risk is a function of five variables: V (value of decrypted data), S (sensitivity horizon), P(H) (probability of harvest), P(Q) (probability of quantum decryption within S), and R (remediability). FIFA's cardiac, medical, and identity data scores high V, long S, non-trivial P(H), increasing P(Q), and zero R. These data types warrant highest prioritization within any migration sequencing.
5. Cyber Insurance & Financial Risk Transfer C3Cyber insurers are tightening underwriting around systemic and catastrophic risk. The market has already moved to exclude state-backed and war-related cyber losses, and reinsurers are actively reframing how large, correlated cyber events are defined and priced. Harvest-now-decrypt-later sits squarely in that systemic-risk category: a single cryptanalytic advance could expose many insureds at once. It is reasonable to expect quantum readiness to enter underwriting questionnaires and pricing as that category matures. For a CFO, this is a plausible near-term financial trigger that does not depend on the quantum timeline being resolved, only on insurers treating quantum exposure as material.

One of the most sensitive data environments in professional sports is protected by cryptography with a published deprecation timeline. The data behind it lasts a lifetime. To our knowledge, and within the sources reviewed, no public plan for what comes next has been identified in football.

The claim that no major football governing body has publicly announced PQC migration is based on the following bounded search methodology, disclosed in full to support informed interpretation of the claim's scope.

Search Scope

FIFA, all six confederations (AFC, CAF, CONCACAF, CONMEBOL, OFC, UEFA), the top five domestic leagues by revenue (Premier League, La Liga, Bundesliga, Serie A, Ligue 1), and the top 20 clubs by revenue (Deloitte Football Money League 2025).

Search Method

Web searches conducted between 15 March and 5 April 2026 using Google, Bing, and direct searches of organizational websites. Terms included combinations of [organization name] + "post-quantum," "PQC," "quantum-safe," "quantum-resistant," "FIPS 203," "ML-KEM," "cryptographic migration."

Result

Zero public announcements of PQC migration programs were identified across any entity in scope. The search was refreshed on the publication date, 11 June 2026, and no contrary public announcement was identified. This supports the claim as stated, "to our knowledge, no major football governing body has publicly announced," but does not prove no internal activity exists.

Exclusions & Limitations

We did not search private or internal communications, non-public board minutes, vendor contracts, or classified government assessments. This methodology would not detect unpublished internal assessments, vendor-initiated upgrades that are not publicly announced, or migration activity within IT infrastructure providers serving football organizations. The claim is bounded accordingly: it establishes the public posture, not the internal reality.

CBOM

Cryptographic Bill of Materials. Inventory of all cryptographic assets in an organization.

CNSA 2.0

NSA's updated algorithm guidance for National Security Systems.

ECC / ECDSA / ECDH

Elliptic Curve Cryptography and its signature/key-exchange variants. Vulnerable to Shor's algorithm.

ECG

Electrocardiogram. Recording of the heart's electrical activity. Collected under the mandatory PCMA.

EPP

Electronic Player Passport. FIFA document compiling registration history from age 12.

FIPS 203/204/205

NIST post-quantum standards: ML-KEM, ML-DSA, SLH-DSA.

HNDL

Harvest Now, Decrypt Later. Threat model for future quantum decryption of today's encrypted data.

ML-KEM

Module-Lattice Key Encapsulation Mechanism. NIST FIPS 203.

ML-DSA

Module-Lattice Digital Signature Algorithm. NIST FIPS 204.

NSM-10

White House directive requiring federal cryptographic inventory and PQC migration.

PCMA

Pre-Competition Medical Assessment. FIFA's mandatory medical screening protocol.

PQC

Post-Quantum Cryptography. Algorithms designed to resist attacks by quantum computers.

qLDPC

Quantum Low-Density Parity-Check codes. Error-correction codes with lower overhead requirements.

RSA

Rivest-Shamir-Adleman. Public-key cryptosystem vulnerable to Shor's algorithm.

Shor's Algorithm

Quantum algorithm (1994) capable of breaking RSA and ECC encryption at scale.

TMS

Transfer Matching System. FIFA's international player-transfer processing system.

Conceptual. Each edge represents a cross-border data-transit event. The FIFA Connect hub processes identity and registration data continuously across all 211 member associations, the primary HNDL attack surface.

The 2026 FIFA World Cup (US / Canada / Mexico, kickoff 11 June 2026) is likely to generate one of the most concentrated bursts of cross-border medical and registration-related data transfers. Tournament PCMA data for players representing 211 nations will transit between host-country facilities, FIFA headquarters in Zurich, and all six confederation offices, within a compressed timeframe, across three distinct legal jurisdictions.

A common objection to HNDL arguments is that the quantum timeline is uncertain and may extend well beyond current estimates. This appendix demonstrates that the thesis holds under substantially delayed timelines. The summary resilience table appears in Section 6.4; the full reasoning follows.

The Sensitivity Horizon Test

• Cardiac ECG data. A cardiac anomaly detected in early adulthood remains medically relevant into old age. Horizon: 58+ years from collection.
• Genetic predisposition markers. Permanent. Horizon: lifetime of the individual.
• Biometric elements, where present. Cannot be reissued. Horizon: lifetime of the individual.
• Concussion history. Affects cognitive-health assessments for life, relevant in insurance, employment, and political contexts. Horizon: lifetime.

If a quantum computer capable of breaking classical encryption becomes available at any point before that data loses sensitivity, any encrypted copy collected in transit becomes decryptable. The thesis would be weakened only if (a) no such machine is built within the lifetime of the data subjects AND (b) no other cryptanalytic advance compromises the same algorithms during that period. Given the current trajectory across multiple independent programs, the likelihood of both holding for 50+ years appears low on present evidence, though it cannot be ruled out. This assessment may change as research evolves.

The Asymmetry of Regret

The cost of migrating now and being wrong is manageable: stronger cryptography deployed, implementation cost incurred, no downside to data subjects. The cost of not migrating and being wrong is potentially catastrophic: lifetime-sensitive data for players across 211 nations permanently compromised, with no remediation possible. For cardiac ECG data, genetic markers, and biometric elements where present, the balance of evidence suggests the data's sensitivity horizon will exceed the period during which current encryption can be considered reliable. The remaining uncertainty is not whether this gap exists, but how wide it will be.

Disclaimer

This material is provided as a public research report for informational purposes only and does not constitute legal, regulatory, compliance, investment, security, or other professional advice. This report does not allege that FIFA, any confederation, any member association, or any individual has experienced a data breach, or that any specific harvest-now-decrypt-later operation is targeting football data. It describes a structural risk inherent in the use of quantum-vulnerable cryptography to protect lifetime-sensitive medical and identity data across a global data infrastructure. Cost estimates, timeline projections, and hardware assessments reflect Qtonic Quantum's analysis of publicly available research and are subject to meaningful uncertainty. The March 2026 papers referenced are preprints that had not completed peer review as of publication.

Non-Reliance

No person or entity should rely on the contents of this report as a basis for any decision or action without obtaining independent professional advice specific to their circumstances. Qtonic Quantum Corp expressly disclaims any and all liability for actions taken or not taken based on any or all of the contents of this report. This report is not an offer, solicitation, or recommendation to purchase any product or service. Qtonic Quantum Corp offers commercial services in the field this report addresses. Readers should weigh that interest.

Named Individuals

Individuals named in this report appear solely as publicly documented examples of athletes who later entered political or public life, drawn from public records and established reporting. This report makes no statement or implication that any named individual's data has been collected, intercepted, harvested, transmitted, stored, or decrypted, that any named individual's medical or biometric information is or was at risk, or that any named individual faces any specific or actual harm. References are illustrative of a general, documented pattern only. Their inclusion implies no criticism of any named individual. Biographical facts are drawn solely from public records.

Nature of Statements

Statements characterized as risk analysis, inference, projection, or structural assessment are expressions of opinion based on publicly available information, not assertions of fact. The evidence-category labels (C1 documented fact, C2 reasonable inference, C3 structural risk analysis) and the bounded language used throughout indicate the basis and confidence of each claim.

Public Release & Media Use

This report is approved for public distribution and may accompany press materials. Quotations attributed to the Qtonic Quantum Research Team or to Qtonic Quantum Corp in press materials are authorized only in the exact form approved in writing. Media inquiries may be directed to the contact details on the following page. Factual errors identified after publication will be corrected in subsequent versions and noted. Independent replication of the Appendix B search methodology is invited. Third-party names and marks, including FIFA, appear for identification and commentary only. Their use does not imply affiliation, sponsorship, or endorsement.

Copyright

© 2026 Qtonic Quantum Corp. All rights reserved. No part of this report may be reproduced, distributed, or transmitted in any form without the prior written permission of Qtonic Quantum Corp, except for brief quotations in critical reviews and noncommercial uses permitted by copyright law.